With the new Privacy Regulation 2013 from Schedule 1 of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988, due to be enforced on the 12th of March 2014, companies are being urged to get to know the new Australian Privacy Principles (APP’s). 13 new harmonised privacy principles outline enhanced privacy protection, some of which are significantly different to previous principles (particularly APP 7 & 8).
APP 1 - Open and transparent management of personal information
APP 2 - Anonymity and pseudonymity
APP 3 - Collection of solicited personal information
APP 4 - Dealing with unsolicited personal information
APP 5 - Notification of the collection of personal information
APP 6 - Use or disclosure of personal information
*APP 7 - Direct marketing involving personal information
*APP 8 - Cross-border disclosure of personal information
APP 9 - Adoption, use or disclosure of government related identifiers
APP 10 - Quality of personal information
APP 11 - Security of personal information
APP 12 - Access of personal information
APP 13 - Correction of personal information
The Australian Information Commissioner will also have enhanced powers, including the ability to accept enforceable undertakings, seek civil penalties in the case of serious or repeated breaches of privacy and conduct assessments of privacy for both government agencies and businesses.
In accordance with the new laws, the Australian Government requires that an APP entity take such steps as are reasonable in the circumstances to implement practices, procedures and systems relating to the entity’s functions or activities that:
(a) will ensure that the entity complies with the Australian Privacy Principles and a registered APPcode (if any) that binds the entity; and
(b) will enable the entity to deal with inquiries or complaints from individuals about the entity’s compliance with the Australian Privacy Principles or such a code.
Key steps to managing privacy concerns:
-
Appoint a chief privacy officer
-
Know what personal information your company collects
-
Ensure that your privacy policies are clearly written and enforceable
-
Disclose personally identifiable information to third parties only for reasons stated in your privacy notice
-
Create a privacy-friendly environment
-
Address all privacy-related laws and regulations that apply to your business
-
Train employees to protect the privacy of personally identifiable information
-
Provide process for individuals to make complaints
-
Create an incident-response plan
-
Consider having a privacy audit performed by an outside trusted entity
|